| Age | Commit message (Collapse) | Author |
|---|
|
that don't care about the language don't have to pull in all the headers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149178 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149009 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
using CFArrayCreate & family.
Specifically, CFArrayCreate's input should be:
'A C array of the pointer-sized values to be in the new array.'
(radar://10717339)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149008 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
reports are batched up before being flushed
to the underlying consumer implementation. This allows us to unique reports across analyses to multiple functions (which
shows up with inlining).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148997 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148988 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
inlining) by 30%.
This is accomplished by periodically reclaiming nodes in the graph. This was an optimization
done before the CFG was linearized, but the CFG linearization destroyed that optimization since each
freshly created node couldn't be reclaimed and we only looked at a window of nodes created between
each ProcessStmt. This optimization can be reclaimed my merely expanding the window to N number of nodes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148888 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148844 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Loc value. When this happens, use the default type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148631 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148626 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148577 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148566 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
IdempotentOperationsChecker to the 'experimental' category. Fixes <rdar://problem/10146347>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148533 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
fewer than 6 Xs. Implements <rdar://problem/6336672>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148531 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
APIs. Now
multiple checks are exposed as separate checkers, but CheckerManager only creates
one Checker object.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148525 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148518 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
printing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148517 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
at the given location.
This could be useful when checkers' logic depends on whether a function
is called with a given macro argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148516 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
TaintPropagationRule::process().
Also remove the "should be a pointer argument" warning - should be
handled elsewhere.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148372 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
size (Ex: in malloc, memcpy, strncpy..)
(Maybe some of this could migrate to the CString checker. One issue
with that is that we might want to separate security issues from
regular API misuse.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148371 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
functions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148370 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
appropriate or when GCC requires it)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148292 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This allows -Wswitch-enum to find switches that need updating when these enums are modified.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148281 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
taint propagation functions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148266 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Add atomic-to/from-nonatomic cast types
- Emit atomic operations for arithmetic on atomic types
- Emit non-atomic stores for initialisation of atomic types, but atomic stores and loads for every other store / load
- Add a __atomic_init() intrinsic which does a non-atomic store to an _Atomic() type. This is needed for the corresponding C11 stdatomic.h function.
- Enables the relevant __has_feature() checks. The feature isn't 100% complete yet, but it's done enough that we want people testing it.
Still to do:
- Make the arithmetic operations on atomic types (e.g. Atomic(int) foo = 1; foo++;) use the correct LLVM intrinsic if one exists, not a loop with a cmpxchg.
- Add a signal fence builtin
- Properly set the fenv state in atomic operations on floating point values
- Correctly handle things like _Atomic(_Complex double) which are too large for an atomic cmpxchg on some platforms (this requires working out what 'correctly' means in this context)
- Fix the many remaining corner cases
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148242 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148229 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
data.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148176 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
radar://10686991
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148081 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148080 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
looking up value at a CodeTextRegion even when the type is not provided.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148079 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148078 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
+ all the other Retrieve..() methods + a comment for ElementRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148011 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
To simplify the process:
Refactor taint generation checker to simplify passing the
information on which arguments need to be tainted from pre to post
visit.
Todo: We need to factor out the code that sema is using to identify the
string and memcpy functions and use it here and in the CString checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148010 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
small refactoring for
the common *alloc functions as well as a few tiny wibbles (adds a note
to CWE/CERT advisory numbers in the bug output, and fixes a couple
80-column-wide violations.)"
Patch by Austin Seipp!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147931 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
inlining for straight C calls.
My hope is to reimplement this from first principles based on the simplifications of removing unneeded node builders
and re-evaluating how C++ calls are handled in the CFG. The hope is to turn inlining "on-by-default" as soon as possible
with a core set of things working well, and then expand over time.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147904 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147854 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147744 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
A patch by Dmitri Gribenko!
The attached patch fixes a use-after-free in AnalysisConsumer::HandleTranslationUnit. The problem is that
BugReporter's destructor runs after AnalysisManager has been already
deleted. The fix introduces a scope to force correct destruction
order.
A crash happens only when reports have been added in AnalysisConsumer::HandleTranslationUnit's BugReporter. We don't have such checkers in clang so no test.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147732 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
We already have a more conservative check in the compiler (if the
format string is not a literal, we warn). Still adding it here for
completeness and since this check is stronger - only triggered if the
format string is tainted.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ExprEngine::processCallEnter().
This removes analysis of other translation units, but that was an experimental feature anyway that we will revisit later.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147705 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147698 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ExprEngine::processCallExit() do the work manually. This is a nice simplification.
Along the way, fix Exprengine::processCallExit() to also perform the postStmt callback for checkers for CallExprs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147697 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.
This is needed to support basic IPA via inlining. Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.
This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back. There are also potential performance implications
of enlarging the Environment. Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment. This patch
mainly introduces the functionality upon when we want to build upon (and clean up).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
as a result of a call.
Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.
Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:
* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars
* invalidated by functions defined in system headers:
B: errno
* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147566 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147526 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147505 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and realloc(). Patch by Cyril Roelandt!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147500 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
called transitively
from C++ constructors or destructors. Checker by Lei Zhang with a few tweaks by Ted Kremenek.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147494 91177308-0d34-0410-b5e6-96231b3b80d8
|
